new host: epona (running netbox)

Markus 2021-07-14 17:38:28 +02:00
parent 241c706625
commit f0c55693a8
16 changed files with 620 additions and 65 deletions


@ -111,6 +111,12 @@ matrix_dbpass: "{{ vault_matrix_dbpass }}"
mc_domain: minecraft.binary-kitchen.de mc_domain: minecraft.binary-kitchen.de
netbox_domain: netbox.binary.kitchen
netbox_dbname: netbox
netbox_dbuser: netbox
netbox_dbpass: "{{ vault_netbox_dbpass }}"
netbox_secret: "{{ vault_netbox_secret }}"
nextcloud_domain: oc.binary-kitchen.de nextcloud_domain: oc.binary-kitchen.de
nextcloud_dbname: owncloud nextcloud_dbname: owncloud
nextcloud_dbuser: owncloud nextcloud_dbuser: owncloud


@ -1,64 +1,70 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
37623239353765633630353337643231343235623233303064653262333865643730663763633465 39316232613634343830643461396530306634313466313837613964663431373865373035653433
6461396231656335313364383239346532643962663661630a643262633934623265646166666635 6265376565646564306666623636313130666437343230640a663762663137333466343732666635
35376235616335303335616139306136633736363332376462303839306632643438363332363065 63666363393037316430393738636462313162346465316237666566613337306538366432326462
6232376662313062310a343835363535383638613232333038636563393263363736343134343333 6631323763636237350a613837366362386663356463333161643837666664353938633432623662
63633061626639623265626237323234636166323934396533356565333838373130353031323839 33656566633435343964313966333063313432666531633962636533326262346166356237373261
35326439353930383865326163323363393734633239623566383265613339653237613364356562 35323463323364643734356630366539346534323838653237383632363861633434306166306363
30666366656437633236353036663534356637643938376234616464346538393637393830666232 37363362656337623966323933653266393835346136306337663030336266336261366465393465
62303962376332323966373837376239343061393834636536316137643365376436353034393838 36336530633334356435616639623935313437663435366464663462393465336461313236633461
33346430353034663235333165333536303538396631663039353534323531393064663566366334 63303436393361326163396636386137393261366266363066623633383734376435636666356663
38623461643633373533326636393962333534336631653139383034653933356162366561386362 61663730623332356636643434393466356265383136656562633035616232613662353063643138
66313662653136333137633930346363386363346630636631623165346539376135326264333836 64323665366438306339623064393661633939306136313235643465653635623363376239393965
62333735343763353764346433323965646539656332353564313031653436353639363434643132 31623039373330333534396133363663316364316463653733393539633439653934613035626366
62616462623539303933343139313665353734313062313065316565303262393036643238636432 39636164633061303665353732363038643435393430666438646633383638343839633336313338
63323462613339353664663565373466633833343836646533353639636534393364353065393964 32316163663838323730356336636666336165643636313665363032303765653435633831356338
65663363646163663332646430653433636365343531336436343664396564343538373336666434 36626666333432323031373131396466663233373266333635336566313837366137376536376138
37633832386537383438666263303562643236313931373864333236383033653861663332383663 64333764366536343137613532616431643532653364343763343138633735303030393066383938
38396435663636643366626233366161643231386162636438613638363161396466666163356232 36626633323634613538383762666239653865363033303338666638323839386461393037313562
62373861633366363435366635323162613866643039386665303164303861626665363362653864 31643365303833363265353663383365336231636562626536663330623163633063623961346139
64653533626561313232666665613566666562623430323037623162626462323133663432356333 39353432366235663033623930656463323032333034326562343139376439366230356261616233
63393363336563346336643566356662336131393961643735646337336632363733333764346233 34363464376133623232666334663366333833326531313363393935356666323739353030613666
38333862343562616261373239343565336565663933383261656131323834633333363135623335 36383861323664613833613034616264636538353762376661336431373735376563343137376230
63326335323532326431313930643061303564653636663331663265653039653031626139356566 37383066373439336564353639633736373161346465323965323330616233386366633366356636
62616533373765386561393632306236393939316139333530356339373130326265616635623563 39663361313865346634313764636137363265343466626437643434633266316137613233383138
61366164626131613664633236366233316432653163336461306132353662313636653166643562 66313634303164643662386339396163313335373863656462323561666464636632616436346230
62636362626333643030323164323733613735376235303366633136333064393566613463653236 35376536393235366134363234333638396134633635636132643031346461343266643137666365
64653838653932653931353835663030623339653066616534633732333636636435313761623631 34666165623837343865313265653762363531646230333033373730623866343539663030306563
32393261646135626363363362366436366637303866623461396665393163363163373737396336 38353761656162623561643038653461323361323362383335316562323036373564623632353061
30623936653136396439313833373565663432636263383262333562613262613632343165633964 31363337316131323561633264353233666135393633623962346464653261653065316337333835
34383531653864393165393039333239376463633565333337646639636138376134653238626166 38656233316532336336353331303131353033386233633862316561343563326636303539663866
64616663643062373933323138326261353632323864643730313433373536373964663064383538 64373563666463616335393865623063653462626133643763366239623239663430616539336637
62666366383630386430383930343634623064633930383634393765633363313765343039663933 64333866623733363930313562346231346238623132393862623130393637343265343835383133
62383362356162356364373535383066326462373563306338316634393762633235323431626330 63643037333531666366323965333333643133663330666434316536306165396365623063356530
36313765353339613036613761363032636539363830353538633536653161636334303362633161 62383638616630333163353833376239633839653565346531366539383339376464326437326337
39393063633231323335663066373463303233373062616237366432303733653030663066626236 66363238336462336634613163303037646138323865613237656163386162353666616334323435
62643739346463396339363739306231363266366664393037343630366430626362656365656439 33343133366138636538613939363434343930333265663861346366353863383830313231333938
32323765666233353861613362663061313239353033336166346431346635383566383931313861 62323962333433303539646661363930393136616635343262383739623162616561393335313865
36333731346630663431643761366139356166656130383633303939643737663637346162306466 36643536633466656635653836636161356365303239343036363335326232353931343138353263
30303061383832383334366330326133383538633333383839353630303131333662303236656665 36396331643930663731656432353462613933623733343333343338323831343232393139323664
37356266333038386565343363346635653263393665623931313337383962343261636339363764 34393634323437313162613465376563616636326639643061386362373365323637343262333238
35643666373335613165626463363830666566303236396362346130303566323434303965366164 31383438663933373765646561666233636263373561656336313133616334373766356436303863
65353531333134646366343538623434353662393439336362353366303534616233346633363130 36643730383330633561313131396635653330663837316662383762373932306164336637396530
31393131643863303537376166343534356436313235353532646137623664376638666334363731 63666639366136646364333039373630643662613837356335653334383836373862636539336261
31323033616663613839336661333237323231623830303531343438633739326435613535366433 33663462316666306662323161373161653664333566623437383865373862323836633436636238
33306364366433383939343931393838633866363761346361663538383533653235383233393737 64376661363731306330326631663130366365373564313435633962353137343738363835336464
38663037663263383732646131356461323861393961663965336437333139363066356564373837 61303963386130353230393733663937613336616161353438623531613662363930616433343535
65373835356164643163633331343437366533316565663330313631376138343538366233663934 62633963623037343831353531306537613437663339383064376566366463363461336262633131
64373862643934663332323532663266653932366633303038353639663466306661663333646232 38633031346666393235666464613066353537323134386163333965376638613534623764396635
39613630613736306362616238653533313830326661656433373731653165616637636661393138 34633339663234386562663636626661383839306333616362316264366132343634363761633438
39623036366465346362616639633232656136656535306334646361353937663335613039303738 61616432326465306366333962626164383238373161306533323737326532616166616636393735
61613262643637633033353564326633613364353637616535313439636535353632393265313964 37303032653630666537643238613637626261386536306534643734623430376231633939376263
64626535626230373361353937323362363636353466656237613862366261626166633530383862 35396235633538386632383166653865653535643663353431366361633661306561346137383930
63366561313637386362653636333537383539326661383232613961313534386633626133363438 36626262346165396238626336616437636332386335306135396665333639363165383563616538
30343634666336316539333261653065626562613865636335383564393664333962343334663339 38623330643661646162613734656630633337353638343666613939353063316434656530386262
66383232333837323461336462333535626434383731383331613030363131366230396264363964 65393439333663323063356633616665666535386539323536366535356466353938663035326333
34646232366337356265393235623565306562323337663438383239353837393437643635633164 61303265373136333536653732306231636263343831323532306132653465383732303931386161
34376465343837633233313065653031383563356537366439306633306361613830616165633932 36393564313039336636613562363066373461336439343434333937343664373437386236633332
31663361363032353261373163666138643536353335656438356165616235313563393733396238 33376136613837336365396339396463363665373865323265653438656537613566616531373536
37343534353739366163646237303737373738623761623038313962373739353638646564396439 30313834396564323861386335383863353730663831373262653636373734323232343866303061
39346663643861653030373334363836346336643764373261393436313564343930376137396130 62613534326261383263613535363364663739393836393963346562366339323338373237636661
62356335363636333866393935316139376363623234646533363665613862366630653963613466 61393032366362373236626536663231343566313739386531656434386635336237396632663231
31376435323165653964383266323463396361383533666261346166663036656536653361666133 36303135356539323665333037386237663730643737653962633161663834306538326532303566
32376334613533353362383938643639633366636134353038643564633062663934643765613262 61316563373632643836613831613362613936633630623263363963373132356437303934333035
356330333364636633373065346138313131 35323039386231363265303738643638643864313037386632386539346465643539383533366131
30313565613161663730626433383334623939323161393061353062333931643930353832626561
32643134306533386139633837316134653239656334306662653061646331353865343864343730
38623035376631646662626131333061306331336538636230626535393631343038323962346137
39346561646361373735326565363936366263376330326334616231636232343862303564383237
65363334663734313532393338363933646432396434613665316163373838613064663331373536
3465

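--- a/hosts
+++ b/hosts
@@ -4,6 +4,7 @@ bacon.binary.kitchen ansible_host=172.23.2.3
 aveta.binary.kitchen ansible_host=172.23.2.4
 sulis.binary.kitchen ansible_host=172.23.2.5
 nabia.binary.kitchen ansible_host=172.23.2.6
+epona.binary.kitchen ansible_host=172.23.2.7
 pizza.binary.kitchen ansible_host=172.23.2.33
 bob.binary.kitchen ansible_host=172.23.2.37
 bowle.binary.kitchen ansible_host=172.23.2.62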


@ -1,7 +1,7 @@
$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names $ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
$TTL 1h ; default time-to-live $TTL 1h ; default time-to-live
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. ( @ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
2021070501; serial 2021071401; serial
1d; refresh 1d; refresh
2h; retry 2h; retry
4w; expire 4w; expire
@ -41,6 +41,7 @@ $TTL 1h ; default time-to-live
4.2 IN PTR aveta.binary.kitchen. 4.2 IN PTR aveta.binary.kitchen.
5.2 IN PTR sulis.binary.kitchen. 5.2 IN PTR sulis.binary.kitchen.
6.2 IN PTR nabia.binary.kitchen. 6.2 IN PTR nabia.binary.kitchen.
7.2 IN PTR epona.binary.kitchen.
11.2 IN PTR homer.binary.kitchen. 11.2 IN PTR homer.binary.kitchen.
12.2 IN PTR lock.binary.kitchen. 12.2 IN PTR lock.binary.kitchen.
13.2 IN PTR matrix.binary.kitchen. 13.2 IN PTR matrix.binary.kitchen.


@ -1,7 +1,7 @@
$ORIGIN binary.kitchen ; base for unqualified names $ORIGIN binary.kitchen ; base for unqualified names
$TTL 1h ; default time-to-live $TTL 1h ; default time-to-live
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. ( @ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
2021070501; serial 2021071401; serial
1d; refresh 1d; refresh
2h; retry 2h; retry
4w; expire 4w; expire
@ -25,6 +25,7 @@ ldap1 IN A 172.23.2.3
ldap2 IN A 172.23.2.4 ldap2 IN A 172.23.2.4
ldapm IN A 213.166.246.2 ldapm IN A 213.166.246.2
librenms IN A 172.23.2.6 librenms IN A 172.23.2.6
netbox IN A 172.23.2.7
ns1 IN A 172.23.2.3 ns1 IN A 172.23.2.3
ns2 IN A 172.23.2.4 ns2 IN A 172.23.2.4
racktables IN A 172.23.2.6 racktables IN A 172.23.2.6
@ -62,6 +63,7 @@ bacon IN A 172.23.2.3
aveta IN A 172.23.2.4 aveta IN A 172.23.2.4
sulis IN A 172.23.2.5 sulis IN A 172.23.2.5
nabia IN A 172.23.2.6 nabia IN A 172.23.2.6
epona IN A 172.23.2.7
homer IN A 172.23.2.11 homer IN A 172.23.2.11
lock IN A 172.23.2.12 lock IN A 172.23.2.12
matrix IN A 172.23.2.13 matrix IN A 172.23.2.13


@ -0,0 +1,5 @@
---
netbox_group: netbox
netbox_user: netbox
netbox_version: 2.11.9


@ -0,0 +1,13 @@
---
- name: Run acertmgr
command: /usr/bin/acertmgr
- name: Reload systemd
systemd: daemon_reload=yes
- name: Restart netbox
service: name=netbox state=restarted
- name: Restart netbox-rq
service: name=netbox-rq state=restarted


@ -0,0 +1,5 @@
---
dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }

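--- a/roles/netbox/tasks/main.yml
+++ b/roles/netbox/tasks/main.yml
@@ -0,0 +1,141 @@
+---
+- name: Create group
+group: name={{ netbox_group }}
+- name: Create user
+user: name={{ netbox_user }} home=/home/{{ netbox_user }} group={{ netbox_group }}
+- name: Install dependencies
+apt:
+name:
+- build-essential
+- libffi-dev
+- libpq-dev
+- libssl-dev
+- libxml2-dev
+- libxslt1-dev
+- python3-setuptools
+- python3-dev
+- python3-pip
+- python3-venv
+- zlib1g-dev
+- name: Install PostgreSQL
+apt:
+name:
+- postgresql
+- python3-psycopg2
+- name: Configure PostgreSQL database
+postgresql_db:
+name: '{{ netbox_dbname }}'
+become: true
+become_user: postgres
+- name: Configure PostgreSQL user
+postgresql_user:
+db: '{{ netbox_dbname }}'
+name: '{{ netbox_dbuser }}'
+password: '{{ netbox_dbpass }}'
+priv: ALL
+state: present
+become: true
+become_user: postgres
+- name: Install redis
+apt: name=redis-server
+# TODO configure redis?
+- name: Unpack netbox
+unarchive:
+src: 'https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz'
+dest: /opt
+remote_src: yes
+creates: '/opt/netbox-{{ netbox_version }}'
+register: netbox_unarchive
+- name: Configure netbox
+template:
+src: configuration.py.j2
+dest: '/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py'
+owner: '{{ netbox_user }}'
+group: '{{ netbox_group }}'
+- name: Configure gunicorn
+template:
+src: gunicorn.py.j2
+dest: '/opt/netbox-{{ netbox_version }}/gunicorn.py'
+owner: '{{ netbox_user }}'
+group: '{{ netbox_group }}'
+- name: Netbox file permissions
+file:
+path: '/opt/netbox-{{ netbox_version }}'
+owner: '{{ netbox_user }}'
+group: '{{ netbox_group }}'
+recurse: yes
+- name: Run upgrade script
+command:
+cmd: ./upgrade.sh
+chdir: '/opt/netbox-{{ netbox_version }}'
+become: true
+become_user: '{{ netbox_user }}'
+when: netbox_unarchive.changed
+# TODO - still manual work
+# * Create a super user
+# * Migrate media files
+- name: Ensure certificates are available
+command:
+cmd: >
+openssl req -x509 -nodes -newkey rsa:2048
+-keyout /etc/nginx/ssl/{{ netbox_domain }}.key -out /etc/nginx/ssl/{{ netbox_domain }}.crt
+-days 730 -subj "/CN={{ netbox_domain }}"
+creates: '/etc/nginx/ssl/{{ netbox_domain }}.crt'
+notify: Restart nginx
+- name: Request nsupdate key for certificate
+include_role: name=acme-dnskey-generate
+vars:
+acme_dnskey_san_domains:
+- "{{ netbox_domain }}"
+when: "'kitchen' in group_names"
+- name: Configure certificate manager for netbox
+template: src=certs.j2 dest=/etc/acertmgr/{{ netbox_domain }}.conf
+notify: Run acertmgr
+- name: Configure vhost
+template:
+src: vhost.j2
+dest: /etc/nginx/sites-available/netbox
+owner: root
+mode: '0644'
+notify: Restart nginx
+- name: Enable vhost
+file:
+src: /etc/nginx/sites-available/netbox
+dest: /etc/nginx/sites-enabled/netbox
+state: link
+notify: Restart nginx
+- name: Install systemd units
+template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
+with_items:
+- netbox
+- netbox-rq
+notify:
+- Reload systemd
+- Restart netbox
+- Restart netbox-rq
+- name: Enable services
+service: name={{ item }} state=started enabled=yes
+with_items:
+- netbox
+- netbox-rq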
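Review bot: The `Configure netbox` task renders `configuration.py`, which receives `netbox_dbpass` and `netbox_secret`, without a `mode:`, so the permissions fall to the remote umask and the file is typically left world-readable; add `mode: '0640'` to that task. `Unpack netbox` pulls the release tarball with `unarchive` and `remote_src: yes`, and nothing verifies its digest. Fetching it first with `get_url` and a pinned `checksum:`, then unpacking the local file, would tie the install to a known artifact.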


@ -0,0 +1,18 @@
---
{{ netbox_domain }}:
- mode: dns.nsupdate
nsupdate_server: {{ acme_dnskey_server }}
nsupdate_keyfile: {{ acme_dnskey_file }}
- path: /etc/nginx/ssl/{{ netbox_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ netbox_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'


@ -0,0 +1,255 @@
#########################
# #
# Required settings #
# #
#########################
# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = ['{{ netbox_domain }}']
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
DATABASE = {
'NAME': '{{ netbox_dbname }}', # Database name
'USER': '{{ netbox_dbuser }}', # PostgreSQL username
'PASSWORD': '{{ netbox_dbpass }}', # PostgreSQL password
'HOST': 'localhost', # Database server
'PORT': '', # Database port (leave blank for default)
'CONN_MAX_AGE': 300, # Max database connection age
}
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
# to use two separate database IDs.
REDIS = {
'tasks': {
'HOST': 'localhost',
'PORT': 6379,
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
# 'SENTINEL_SERVICE': 'netbox',
'PASSWORD': '',
'DATABASE': 0,
'SSL': False,
},
'caching': {
'HOST': 'localhost',
'PORT': 6379,
# Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
# 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
# 'SENTINEL_SERVICE': 'netbox',
'PASSWORD': '',
'DATABASE': 1,
'SSL': False,
}
}
# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
# symbols. NetBox will not run without this defined. For more information, see
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
SECRET_KEY = '{{ netbox_secret }}'
#########################
# #
# Optional settings #
# #
#########################
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
# application errors (assuming correct email settings are provided).
ADMINS = [
# ['John Doe', 'jdoe@example.com'],
]
# URL schemes that are allowed within links in NetBox
ALLOWED_URL_SCHEMES = (
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
)
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
BANNER_TOP = ''
BANNER_BOTTOM = ''
# Text to include on the login page above the login form. HTML is allowed.
BANNER_LOGIN = ''
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
# BASE_PATH = 'netbox/'
BASE_PATH = ''
# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes)
CACHE_TIMEOUT = 900
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
CHANGELOG_RETENTION = 90
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
CORS_ORIGIN_ALLOW_ALL = False
CORS_ORIGIN_WHITELIST = [
# 'https://hostname.example.com',
]
CORS_ORIGIN_REGEX_WHITELIST = [
# r'^(https?://)?(\w+\.)?example\.com$',
]
# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
# on a production system.
DEBUG = False
# Email settings
EMAIL = {
'SERVER': 'localhost',
'PORT': 25,
'USERNAME': '',
'PASSWORD': '',
'USE_SSL': False,
'USE_TLS': False,
'TIMEOUT': 10, # seconds
'FROM_EMAIL': '',
}
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
ENFORCE_GLOBAL_UNIQUE = False
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = [
# 'dcim.site',
# 'dcim.region',
# 'ipam.prefix',
]
# HTTP proxies NetBox should use when sending outbound HTTP requests (e.g. for webhooks).
# HTTP_PROXIES = {
# 'http': 'http://10.10.1.10:3128',
# 'https': 'http://10.10.1.10:1080',
# }
# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing
# NetBox from an internal IP.
INTERNAL_IPS = ('127.0.0.1', '::1')
# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
# https://docs.djangoproject.com/en/stable/topics/logging/
LOGGING = {}
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
LOGIN_REQUIRED = True
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
# re-authenticate. (Default: 1209600 [14 days])
LOGIN_TIMEOUT = None
# Setting this to True will display a "maintenance mode" banner at the top of every page.
MAINTENANCE_MODE = False
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
# all objects by specifying "?limit=0".
MAX_PAGE_SIZE = 1000
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
# the default value of this setting is derived from the installed location.
# MEDIA_ROOT = '/opt/netbox/netbox/media'
# By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
# class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
# STORAGE_CONFIG = {
# 'AWS_ACCESS_KEY_ID': 'Key ID',
# 'AWS_SECRET_ACCESS_KEY': 'Secret',
# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
# 'AWS_S3_REGION_NAME': 'eu-west-1',
# }
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
METRICS_ENABLED = False
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
NAPALM_USERNAME = ''
NAPALM_PASSWORD = ''
# NAPALM timeout (in seconds). (Default: 30)
NAPALM_TIMEOUT = 30
# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
# be provided as a dictionary.
NAPALM_ARGS = {}
# Determine how many objects to display per page within a list. (Default: 50)
PAGINATE_COUNT = 50
# Enable installed plugins. Add the name of each plugin to the list.
PLUGINS = []
# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
# PLUGINS_CONFIG = {
# 'my_plugin': {
# 'foo': 'bar',
# 'buzz': 'bazz'
# }
# }
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
# prefer IPv4 instead.
PREFER_IPV4 = False
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
# Remote authentication support
REMOTE_AUTH_ENABLED = False
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
# This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
RELEASE_CHECK_TIMEOUT = 24 * 3600
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository.
RELEASE_CHECK_URL = None
# RELEASE_CHECK_URL = 'https://api.github.com/repos/netbox-community/netbox/releases'
# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
# REPORTS_ROOT = '/opt/netbox/netbox/reports'
# Maximum execution time for background tasks, in seconds.
RQ_DEFAULT_TIMEOUT = 300
# The file path where custom scripts will be stored. A trailing slash is not needed. Note that the default value of
# this setting is derived from the installed location.
# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
SESSION_FILE_PATH = None
# Time zone (default: UTC)
TIME_ZONE = 'Europe/Berlin'
# Date/time formatting. See the following link for supported formats:
# https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date
DATE_FORMAT = 'N j, Y'
SHORT_DATE_FORMAT = 'Y-m-d'
TIME_FORMAT = 'g:i a'
SHORT_TIME_FORMAT = 'H:i:s'
DATETIME_FORMAT = 'N j, Y g:i a'
SHORT_DATETIME_FORMAT = 'Y-m-d H:i'
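Review bot: Both `REDIS` entries keep `'PASSWORD': ''`, and the role installs `redis-server` without configuring it (the tasks file still carries `# TODO configure redis?`), so presumably every local account on the host can reach the task queue and cache on port 6379 unauthenticated. Setting `requirepass` in Redis and templating the same vaulted value into both `PASSWORD` keys would close that. The secrets are also interpolated inside single-quoted Python literals, e.g. `SECRET_KEY = '{{ netbox_secret }}'`, so a quote or backslash in the vaulted value breaks or alters the setting. `SECRET_KEY = {{ netbox_secret | to_json }}` emits a quoted, escaped literal instead, and the same applies to `'PASSWORD': '{{ netbox_dbpass }}'`.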


@ -0,0 +1,16 @@
# The IP address (typically localhost) and port that the Netbox WSGI process should listen on
bind = '127.0.0.1:8001'
# Number of gunicorn workers to spawn. This should typically be 2n+1, where
# n is the number of CPU cores present.
workers = 5
# Number of threads per worker process
threads = 3
# Timeout (in seconds) for a request to complete
timeout = 120
# The maximum number of requests a worker can handle before being respawned
max_requests = 5000
max_requests_jitter = 500


@ -0,0 +1,21 @@
[Unit]
Description=NetBox Request Queue Worker
Documentation=https://netbox.readthedocs.io/en/stable/
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=netbox
Group=netbox
WorkingDirectory=/opt/netbox-{{ netbox_version }}
ExecStart=/opt/netbox-{{ netbox_version }}/venv/bin/python3 /opt/netbox-{{ netbox_version }}/netbox/manage.py rqworker
Restart=on-failure
RestartSec=30
PrivateTmp=true
[Install]
WantedBy=multi-user.target
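Review bot: `User=netbox` and `Group=netbox` are hard-coded here although the role defines `netbox_user` and `netbox_group` and the tasks chown the install tree to those variables, so overriding either variable would leave the unit running as an account that does not own the install; use `User={{ netbox_user }}` and `Group={{ netbox_group }}`. The same applies to the WSGI unit in the next file. Beyond `PrivateTmp=true` neither unit carries any sandboxing; `NoNewPrivileges=true` and `ProtectSystem=full` would be a cheap addition for a network-facing service, to be tested before rollout.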


@ -0,0 +1,22 @@
[Unit]
Description=NetBox WSGI Service
Documentation=https://netbox.readthedocs.io/en/stable/
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=netbox
Group=netbox
PIDFile=/var/tmp/netbox.pid
WorkingDirectory=/opt/netbox-{{ netbox_version }}
ExecStart=/opt/netbox-{{ netbox_version }}/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox-{{ netbox_version }}/netbox --config /opt/netbox-{{ netbox_version }}/gunicorn.py netbox.wsgi
Restart=on-failure
RestartSec=30
PrivateTmp=true
[Install]
WantedBy=multi-user.target


@ -0,0 +1,38 @@
server {
listen 80;
listen [::]:80;
server_name {{ netbox_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://{{ netbox_domain }}$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ netbox_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ netbox_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ netbox_domain }}.crt;
location /static/ {
alias /opt/netbox-{{ netbox_version }}/netbox/static/;
}
location / {
client_max_body_size 32M;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8001;
}
}
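Review bot: `location /.well-known/acme-challenge` and `alias /var/www/acme-challenge;` both lack a trailing slash, so the prefix match also serves any sibling path under `/var/www` whose name starts with `acme-challenge`; write `location /.well-known/acme-challenge/` with `alias /var/www/acme-challenge/;`. Since the certificate config in this commit uses `dns.nsupdate`, the HTTP challenge location may not be needed at all. The TLS server block sets neither a `Strict-Transport-Security` header nor `X-Forwarded-For`; if the shared nginx role does not add them globally, `add_header Strict-Transport-Security "max-age=31536000" always;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` belong here.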


@ -38,6 +38,11 @@
- librenms - librenms
- prometheus - prometheus
- name: Setup netbox server
hosts: epona.binary.kitchen
roles:
- netbox
- name: Setup drone runner - name: Setup drone runner
hosts: bob.binary.kitchen hosts: bob.binary.kitchen
roles: roles: